<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[11270] sites/trunk/api.wordpress.org/public_html/dotorg/github: Profiles: Display GitHub activity on profiles.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="http://meta.trac.wordpress.org/changeset/11270">11270</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"http://meta.trac.wordpress.org/changeset/11270","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>dd32</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2021-10-08 05:41:01 +0000 (Fri, 08 Oct 2021)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Profiles: Display GitHub activity on profiles.
This is implemented through a WordPress GitHub organization webhook, which parses pushed events and stores it in a table for later querying.
This is how Trac/SVN (and now GitHub) activity is inserted into the profiles activity stream.
Issues created & closed, Pull Requests submitted & merged, and pushes to repositories are supported.
Activity is only recorded against a WordPress.org profile if their GitHub profile is linked to WordPress.org, but will show up once that's done.
This is still a work in progress, and we may want to import older history as well.
See <a href="http://meta.trac.wordpress.org/ticket/4447">#4447</a>, <a href="http://meta.trac.wordpress.org/ticket/5592">#5592</a>.</pre>
<h3>Added Paths</h3>
<ul>
<li>sites/trunk/api.wordpress.org/public_html/dotorg/github/</li>
<li><a href="#sitestrunkapiwordpressorgpublic_htmldotorggithubactivityphp">sites/trunk/api.wordpress.org/public_html/dotorg/github/activity.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="sitestrunkapiwordpressorgpublic_htmldotorggithubactivityphp"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: sites/trunk/api.wordpress.org/public_html/dotorg/github/activity.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/api.wordpress.org/public_html/dotorg/github/activity.php (rev 0)
+++ sites/trunk/api.wordpress.org/public_html/dotorg/github/activity.php 2021-10-08 05:41:01 UTC (rev 11270)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -0,0 +1,294 @@
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<?php
+namespace WordPressdotorg\API\GitHub\Firehose;
+/**
+ * This webhook is configured on the WordPress GitHub organization, and receives events for all WordPress/* repositories.
+ *
+ * The data is parsed, and then stored in the `wporg_github_activity` DB table for displaying on profiles and being used elsewhere.
+ *
+ * Events to Private repo's are skipped, to avoid any potential leakage of sensitive information.
+ *
+ * The format of the tables data is relied upon by the `wporg-profiles.php` profile plugin for generating timelines.
+ *
+ * HTTP Error codes are used to provide action taken for GitHub webhook delivery screen.
+ * - 200: Processed
+ * - 400: Parameters incorrect
+ * - 403: Auth failure
+ * - 422: Payload not processed due to not being required for profiles (The majority of webhook fires)
+ * - 501: Not yet implemented features, if the webhook has extra unexpected data sent.
+ *
+ * The webhook payload is temporarily stored, for easier debugging but will be removed later.
+ */
+
+require dirname( dirname( __DIR__ ) ) . '/wp-init.php';
+
+header( 'Content-Type: text/plain' );
+
+if (
+ empty( $_SERVER['HTTP_X_HUB_SIGNATURE_256'] ) ||
+ empty( $_SERVER['HTTP_X_GITHUB_EVENT'] ) ||
+ empty( $_SERVER['CONTENT_TYPE'] ) ||
+ ! constant( 'GH_ACTIVITY_WEBHOOK_SECRET' ) ||
+ 'application/json' !== $_SERVER['CONTENT_TYPE']
+) {
+ header( 'HTTP/1.0 400 Bad Request', true, 400 );
+ die( 'UHOH; Expectation failed.' );
+}
+
+/**
+ * Fetch the GitHub webhook payload, verifying the signature is correct.
+ * Execution is terminated on failure.
+ *
+ * @return object The signed webhook payload on success.
+ */
+function get_signed_payload_or_die() {
+ $payload = file_get_contents( 'php://input' );
+ // Validate that the request came from GitHub.
+ $sent_signature = $_SERVER['HTTP_X_HUB_SIGNATURE_256'];
+ $expected_signature = 'sha256=' . hash_hmac( 'sha256', $payload, constant( 'GH_ACTIVITY_WEBHOOK_SECRET' ) );
+
+ if ( ! hash_equals( $expected_signature, $sent_signature ) ) {
+ header( 'HTTP/1.0 403 Forbidden', true, 403 );
+ die( 'Err; Signature Failure.' );
+ }
+
+ return json_decode( $payload );
+}
+
+/**
+ * Convert a GitHub username to a WordPress.org User ID.
+ *
+ * @param string $user The GitHub username.
+ * @return false|int The WordPress.org User ID on success, false on failure.
+ */
+function github_user_to_user_id( $user ) {
+ global $wpdb;
+
+ $user_id = $wpdb->get_var( $wpdb->prepare(
+ "SELECT user_id FROM wporg_github_users WHERE github_user = %s",
+ $user
+ ) );
+
+ return $user_id ? intval( $user_id ) : false;
+}
+
+$event = $_SERVER['HTTP_X_GITHUB_EVENT'];
+$payload = get_signed_payload_or_die();
+
+// Ignore anything on private repos.
+if ( ! empty( $payload->repository->private ) ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( 'NO; Private repo activity is not tracked.' );
+}
+
+// Ignore bots (Issues, Pull Requests)
+if ( 'User' !== $payload->sender->type ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( 'NO; No homers allowed.' );
+}
+
+switch ( $event ) {
+ case 'push':
+ // Ignore pushes to not-master-branch.
+ if ( $payload->ref != "refs/heads/{$payload->repository->master_branch}" ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( 'NO; Push to not-master-branch.' );
+ }
+
+ $github_user = $payload->sender->login;
+ $user_id = github_user_to_user_id( $github_user );
+
+ // Detect WordPress.org git mirrors.
+ // Ignore .org SVN => Github pushes.
+ if ( preg_match( '!git-svn-id: https://[^.]+.svn.wordpress.org/!i', $payload->head_commit->message ) ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( 'NO; push appears to be SVN->GIT sync.' );
+ }
+ // re-assign pushes to the WordPress.org git committer
+ if ( 'git.wordpress.org' === substr( $payload->head_commit->author->email, -17 ) ) {
+ $user = get_user_by( 'slug', substr( $payload->head_commit->author->email, 0, -18 ) );
+ $user_id = $user->ID ?? false;
+ $github_user = $payload->head_commit->author->username ?? ( $user->github ?? '' );
+ }
+
+ if ( ! $github_user && ! $user_id ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( 'NO; Unknown user.' );
+ }
+
+ // Ignore pushes of PRs
+ $pr_check = wp_safe_remote_get(
+ // This call is currently unauthenticated, 60 req/hour/IP.
+ str_replace(
+ '{/sha1}',
+ "{$payload->head_commit->id}/pulls",
+ $payload->repository->commits_url
+ ),
+ [
+ 'user_agent' => 'WordPress.org Profiles GitHub Activity Notifier'
+ ]
+ );
+ if ( 200 === wp_remote_retrieve_response_code( $pr_check ) ) {
+ // If anything other than an empty array is returned, it's part of a PR which is recorded separately.
+ if ( json_decode( wp_remote_retrieve_body( $pr_check ) ) ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( 'NO; push appears to be a PR merge.' );
+ }
+ } else {
+ echo "WARNING; Could not verify if it's a PR push from API; falling back to email verification.\n";
+
+ // This isn't perfect, as it'll include web-ui commits to trunk, but it'll do for when the API is unavailable or we've exceeded qupta.
+ if ( 'noreply@github.com' === $payload->head_commit->committer->email ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( 'NO; push appears to be a PR merge (or web-based commit).' );
+ }
+ }
+
+ // Pushed commits.
+ $wpdb->insert(
+ 'wporg_github_activity',
+ ( $user_id ? compact( 'user_id' ) : [] ) + // Leave user_id as null if not known.
+ ( $github_user ? compact( 'github_user' ) : [] ) + // Leave github_user as null if not known.
+ [
+ 'ts' => gmdate( 'Y-m-d H:i:s' ),
+ 'category' => 'push',
+ 'repo' => $payload->repository->full_name,
+ 'url' => count( $payload->commits ) > 1 ? $payload->compare : $payload->head_commit->url,
+ 'title' => count( $payload->commits ) . ' commits:' . $payload->head_commit->message,
+ 'payoad' => json_encode( $payload, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT ),
+ ]
+ );
+
+ break;
+
+ case 'issues':
+ if ( ! in_array( $payload->action, [ 'opened', 'edited', 'closed', 'deleted' ] ) ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( "NO; $event:{$payload->action} not required." );
+ }
+
+ // Update the Title & Description if it's edited. Just to keep everything in sync.
+ if ( 'edited' === $payload->action ) {
+ $wpdb->update(
+ 'wporg_github_activity',
+ [
+ 'title' => $payload->issue->title,
+ 'description' => wp_strip_all_tags( $payload->issue->body ),
+ ],
+ [
+ 'github_user' => $payload->issue->user->login,
+ 'url' => $payload->issue->html_url,
+ ]
+ );
+
+ die( 'OK; Updated' );
+ } elseif ( 'deleted' === $payload->action ) {
+ $wpdb->delete(
+ 'wporg_github_activity',
+ [
+ 'url' => $payload->issue->html_url,
+ ]
+ );
+
+ die( 'OK; Deleted' );
+ }
+
+ // Can use Sender here, as they'll be the one to create/close the Issue.
+ $user_id = github_user_to_user_id( $payload->sender->login );
+
+ $wpdb->insert(
+ 'wporg_github_activity',
+ ( $user_id ? compact( 'user_id' ) : [] ) + // Leave user_id as null if not known.
+ [
+ 'ts' => gmdate( 'Y-m-d H:i:s' ),
+ 'github_user' => $payload->sender->login,
+ 'category' => 'issue_' . $payload->action,
+ 'repo' => $payload->repository->full_name,
+ 'url' => $payload->issue->html_url,
+ 'title' => $payload->issue->title,
+ 'description' => wp_strip_all_tags( $payload->issue->body ),
+ 'payload' => json_encode( $payload, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT ),
+ ]
+ );
+
+ break;
+ case 'pull_request':
+
+ if ( ! in_array( $payload->action, [ 'opened', 'reopened', 'edited', 'closed' ] ) ) {
+ header( 'HTTP/1.0 422 Unprocessable Entity', true, 422 );
+ die( "NO; $event:{$payload->action} not required." );
+ }
+
+ // Update the Title & Description if it's edited. Just to keep everything in sync.
+ if ( 'edited' === $payload->action ) {
+ $wpdb->update(
+ 'wporg_github_activity',
+ [
+ 'title' => $payload->pull_request->title,
+ 'description' => wp_strip_all_tags( $payload->pull_request->body ),
+ ],
+ [
+ 'github_user' => $payload->pull_request->user->login,
+ 'url' => $payload->pull_request->html_url,
+ ]
+ );
+
+ die( 'OK; Updated' );
+ }
+
+ // The sender of a pull_request event is the merger. The PR author will get extra credit below.
+ $user_id = github_user_to_user_id( $payload->sender->login );
+
+ $event = 'pr_' . $payload->action;
+ if ( 'pr_closed' === $event && ! empty( $payload->pull_request->merged ) ) {
+ $event = 'pr_merge';
+ }
+
+ $wpdb->insert(
+ 'wporg_github_activity',
+ ( $user_id ? compact( 'user_id' ) : [] ) + // Leave user_id as null if not known.
+ [
+ 'ts' => gmdate( 'Y-m-d H:i:s' ),
+ 'github_user' => $payload->sender->login,
+ 'category' => $event,
+ 'repo' => $payload->repository->full_name,
+ 'url' => $payload->pull_request->html_url,
+ 'title' => $payload->pull_request->title,
+ 'description' => wp_strip_all_tags( $payload->pull_request->body ),
+ 'payload' => json_encode( $payload, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT ),
+ ]
+ );
+
+ // For pr_merge, credit the PR submitter too.
+ if (
+ 'pr_merge' === $event &&
+ $payload->pull_request->user->login !== $payload->sender->login &&
+ 'User' === $payload->pull_request->user->type // Ignore automated Bot-submited PRs
+ ) {
+ $event = 'pr_merged'; // "merge" is the mergee, "merged" is the OP.
+ $user_id = github_user_to_user_id( $payload->pull_request->user->login );
+ if ( $user_id ) {
+ $wpdb->insert(
+ 'wporg_github_activity',
+ [
+ 'user_id' => $user_id,
+ 'ts' => gmdate( 'Y-m-d H:i:s' ),
+ 'github_user' => $payload->pull_request->user->login,
+ 'category' => $event,
+ 'repo' => $payload->repository->full_name,
+ 'url' => $payload->pull_request->html_url,
+ 'title' => $payload->pull_request->title,
+ 'description' => wp_strip_all_tags( $payload->pull_request->body ),
+ 'payload' => json_encode( $payload, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT ),
+ ]
+ );
+ }
+ }
+
+ break;
+ default:
+ header( 'HTTP/1.0 501 Not Implemented', true, 501 );
+ die( "UHOH; The webhook sent us an event we didn't anticipate." );
+ break;
+}
+
+die( 'OK' );
</ins><span class="cx" style="display: block; padding: 0 10px">Property changes on: sites/trunk/api.wordpress.org/public_html/dotorg/github/activity.php
</span><span class="cx" style="display: block; padding: 0 10px">___________________________________________________________________
</span></span></pre></div>
<a id="svneolstyle"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: svn:eol-style</h4></div>
<ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+native
</ins><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of property
</span></div>
</body>
</html>